The invention relates to a method for the initialisation of mobile data carriers with assigned decentralised read and write stations within the framework of an authorisation system, in accordance with the preamble of claim 1. Mobile data carriers (e.g., contact-less or contact-based identification media, chip-cards or value cards, etc.) allow the user, at assigned read and write stations, to carry out corresponding applications, such as access to services (PC access) and goods (beverage vending machine, restaurant) or access to protected areas, buildings, sports stadiums, etc. To make these accesses and applications possible, the data carriers and the assigned read and write stations have to be initialised with corresponding initialisation information within the framework of an authorisation system.

This initialisation can relate to application-specific data (e.g., the registration of a monetary value on the data carrier) and to system-specific data (e.g., the number of the card issuer, the data organisation in the case of multiple applications, access rules for data carriers, etc.). These initialisation data and applications can also be initialised and changed from time to time, step by step and at differing points in time.



This initialisation is a process critical for security and also a very elaborate one; it is geographically very restricted and can only take place at locations within a secure environment. An example of this is described in WO 97/34265, which describes a system with contact-less passive electronic data carriers as identification media IM with assigned read and write stations WR within the framework of an authorisation system A, wherein the data carriers can contain several independent applications. There every identification medium and every application has to be initialised in accordance with the rules of the hierarchic authorisation system. For this initialisation of the data carriers, special programming read and write stations as well as special authorisation media in a secure environment are necessary, and all decentralised read and write stations also have to be initialised with a special authorisation means before they can take up their functions.

A decentralised initialisation of data carriers IM at these decentralised read and write stations, which are mostly situated in an unsecured environment, is not possible there. The initialisation is therefore very elaborate and limited, and the initialisation and administration of the authorisation media is also security-critical, elaborate and costly.

These known central initialisations of each individual data carrier with special authorisation means in a secure environment are therefore very elaborate and expensive, not very flexible and very restricted: with them, new applications and new data carriers cannot be initialised and put into operation in an unsecured environment.



If, for example, a mountain restaurant in a skiing area, in which contact-less identification media are issued as ski passes for different applications, would like to add an extension to its application for its customers, for example a loyalty application, then for this purpose each individual data carrier, i.e., every ski pass, has to be initialised in a secure environment with an initialisation device and a corresponding initialisation medium, i.e., not in the mountain restaurant but down in the valley at a central station of the skiing area. Such a procedure is of course not practicable in this case.

A completely different kind of data transmission through a network is known from contact card systems, where the whole organisation and all authorisations have to come from a single system centre. Thus DE 197 20 431, for example, discloses a process for the electronic personalisation and initialisation of chip-cards from a central chip-card administration system. These initialisations are effected through a communication channel to a chip-card control system, resp. to a reading device, which physically makes contact with the chip-card and transfers the data directly to it. Systems of this kind cannot solve the problem outlined above either.

It is therefore the objective of the present invention to create a method, resp. a system, which overcomes the limitations that have applied up to now to the initialisation of data carriers and decentralised read and write stations, to the extension of applications and to the issuing of new data carriers, which forms a significantly simpler, more versatile and secure initialisation method, thereby also creates new application possibilities, and which in particular also makes it possible to use contact-less data carriers.
This problem is solved in accordance with the invention by a method for the initialisation of mobile data carriers according to claim 1 and an installation according to claim 28. By means of the initialisation through a network with secure communication and with authorisations by means of authorisation means at remote authorisation authorities in a secure environment, the further application and exploitation possibilities of such systems with mobile data carriers and decentralised read and write stations are decisively expanded.

The dependent claims are concerned with further developments of the invention, with an expansion of the possibilities in a geographical respect, with respect to applications and the introduction of new data carriers, and with respect to new kinds of exploitation, application and use. Decisive is the fact that, in principle, all decentralised read and write stations in an unsecured environment can thereby be utilised for initialisations, inasmuch as the security is warranted by the secure communication through the network and by the link to the remote authorisation authority with authorisation means in a secure environment. This makes quite new types of application possible, for example the recording and controlling of licence payments through decentralised read and write stations. The additional interrogation of personal data of the owner of the data carrier or of the owner of the read and write station can further enhance the security of decentralised authorisations.

In the following, the invention is explained in more detail on the basis of Figures and 
examples. These illustrate: 



Fig. 1 a schematic diagram of a method in accordance with the invention for the initialisation of data carriers through a private network,

Fig. 2 a method for the initialisation of data carriers through an open public network,

Fig. 3 the method according to the invention for the initialisation of data carriers and of decentralised read and write stations through a network by authorisation at an authorisation authority with authorisation means,

Fig. 4 the initialisation of a mobile data carrier with authorisation and initialisation information,

Fig. 5 an initialisation of a decentralised read and write station with authorisation and initialisation information,

Fig. 6 the initialisation of an authorisation function at a decentralised read and write station,

Fig. 7 initialisations of applications through networks by several authorisation authorities,

Fig. 8 initialisations by several authorisation authorities through a network,

Fig. 9 initialisations by several authorisation authorities through several network levels,

Fig. 10 initialisations by several authorisation authorities through several network levels with several authorisation levels,

Fig. 11 schematically the organisation in an authorisation system with several authorisation, resp. organisation levels, several authorisation authorities on different authorisation levels and several independent users,

Fig. 12 the initialisation of applications in a new data carrier,

Fig. 13 the initialisation of additional applications in a data carrier,

Fig. 14 authorisations for the initialisation of data carriers through a network.



Figures 1 - 3 illustrate the method according to the invention for the initialisation of mobile data carriers IM at assigned decentralised read and write stations WR within the framework of an authorisation system A, which defines hierarchic rules applicable to the complete system of read and write stations, data carriers, authorisation authorities and authorisation means, such as is described, for example, on the basis of a system with contact-less identification media in WO 97/34265. This known system, however, solely serves as one possible example of an application of the invention.



The method in accordance with the invention is illustrated in Fig. 3: the initialisation of mobile data carriers IM with assigned decentralised read and write stations A-WR and/or of decentralised read and write stations WR is implemented within the framework of a hierarchic authorisation system A applicable to all system elements, through an authorisation with authorisation means AM at an authorisation authority HA in a secure environment g, where initialisation data DI = A-I, I-I are generated and transmitted through a network N to a decentralised authorised read and write station A-WR or to a decentralised read and write station WR in a secure communication and with security rules corresponding to the authorisation system. The initialisation data DI contain authorisation information A-I, which is input into the authorisation authority by the authorisation means AM, and initialisation information I-I, which is also input into the authorisation authority HA or called in from it.

At the decentralised read and write station A-WR, the mobile data carriers IM are correspondingly initialised with the initialisation data DI and thereby transformed into initialised data carriers IMj,

or with the initialisation data DI the decentralised read and write station WR is initialised and transformed into an initialised read and write station WRk.

Figures 1 and 2 illustrate the secure communication through a network N up to the decentralised read and write stations A-WR in an unsecured environment u.

In the example of Fig. 1, the initialisation is implemented through a secure private network Np, with which the secure environment is assured right up to the read and write stations.

Fig. 2 illustrates an example of the initialisation according to the invention through an open network No with encryption and security gates G1 and G2 on both sides, in order to assure the necessary secure communication through the open public network.
By means of the secure connection through the network N, the decentralised read and write stations WR, resp. A-WR, which normally are situated in an unsecured environment, are tied into the secure environment of the authorisation authority HA for the initialisations, so that the initialisation takes place in a secure environment. After the initialisation has been carried out, the execution of applications can take place as before with the identification media IM at the read and write stations WR in an unsecured environment. The secure environment g through the network therefore only has to be created temporarily, for the initialisation.
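The exchange of Fig. 3 over the secured network of Figs. 1 and 2, as an added example in Python that is not part of the patent text: an authorisation authority HA assembles DI = A-I, I-I and a decentralised authorised station A-WR checks the data before writing them into a carrier IM. The HMAC over a key shared between HA and A-WR, the JSON serialisation and the use of the initialisation index j as a replay check are assumptions of this example; the patent only requires a secure communication with security rules corresponding to the authorisation system and leaves the mechanism (private network Np, gates G1/G2 on an open network No, VPN) open.

```python
"""Added example, not part of the patent: the Fig. 3 exchange with an
authenticated DI.  Assumptions: the secure communication on N is modelled by
an HMAC-SHA256 under a key shared by HA and A-WR (in practice a VPN or TLS
channel), and the initialisation index j must advance by one per carrier,
which doubles as replay protection.  All sample data are constructed."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed sample key standing in for the authorisation means AM.
SHARED_KEY = b"example-key-shared-by-HA-and-A-WR"


@dataclass
class DataCarrier:
    """Mobile data carrier IM: fixed system data field CDF plus an
    application data field with one entry per application Appi."""
    cdf: str                        # system affiliation from the basic initialisation
    apps: dict = field(default_factory=dict)
    j: int = 0                      # number of initialisations applied so far


class AuthorisationAuthority:
    """HA in the secure environment g: produces authenticated DI."""

    def __init__(self, name, key):
        self.name = name
        self._key = key

    def issue(self, app, payload, j):
        a_i = {"ha": self.name, "app": app, "j": j}   # authorisation information A-I
        i_i = {"app": app, "data": payload}           # initialisation information I-I
        body = json.dumps({"A-I": a_i, "I-I": i_i}, sort_keys=True).encode()
        mac = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return {"body": body, "mac": mac}


class AuthorisedStation:
    """A-WR in the unsecured environment u: verifies DI, then initialises IM."""

    def __init__(self, key, system_cdf):
        self._key = key
        self.system_cdf = system_cdf

    def initialise(self, carrier, di):
        expected = hmac.new(self._key, di["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, di["mac"]):
            return False, "DI rejected: authentication failed"
        msg = json.loads(di["body"])
        a_i, i_i = msg["A-I"], msg["I-I"]
        if carrier.cdf != self.system_cdf:
            return False, "carrier does not belong to authorisation system A"
        if a_i["j"] != carrier.j + 1:
            return False, "DI rejected: initialisation index j out of order"
        if a_i["app"] != i_i["app"]:
            return False, "A-I and I-I refer to different applications"
        carrier.apps[i_i["app"]] = i_i["data"]    # IM -> IMj (with Appi)
        carrier.j = a_i["j"]
        return True, f"IM{carrier.j} initialised with {i_i['app']}"


def demo():
    """Run one valid, one tampered and one replayed DI against a ski pass."""
    ha2 = AuthorisationAuthority("HA2", SHARED_KEY)
    station = AuthorisedStation(SHARED_KEY, system_cdf="A")
    ski_pass = DataCarrier(cdf="A", apps={"App1": "ski-lift season pass"})

    ok, _ = station.initialise(ski_pass, ha2.issue("App2.2", "loyalty points", j=1))
    # A body altered on the open network no longer matches its MAC.
    tampered = ha2.issue("App3", "sports access", j=2)
    tampered["body"] = tampered["body"].replace(b"sports", b"SPORTS")
    ok_tampered, _ = station.initialise(ski_pass, tampered)
    # Replaying the first DI fails because j did not advance.
    ok_replay, _ = station.initialise(ski_pass, ha2.issue("App2.2", "loyalty points", j=1))
    return ok, ok_tampered, ok_replay, ski_pass
```

The station rejects before it writes anything, so a failed check leaves the carrier in its previous state IMj rather than half-initialised.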

With Figs. 4-6, different initialisation processes are illustrated in more detail. In Fig. 4, first of all, possible embodiments of authorisation authorities HA and authorisation means AM are illustrated.

In contrast to known contact card systems, e.g., in accordance with DE 197 20 431, with a single central authorisation and organisation station (system centre), from which all initialisations have to be carried out and administered, in the system according to the invention no such centre of the authorisation system A is necessary. The authorisation system A is rather defined by adherence to hierarchic authorisation rules, wherein these authorisation rules are implanted or stored in memory in various geographically distributed authorisation authorities HAi, e.g., on a chip or as a program. These authorisation rules, resp. the authorisation means AM, in principle form a geographically distributed "virtual authorisation system centre" A. The affiliation to the system A of all read and write stations and all identification media is assured by a basic system preparation or basic initialisation.
For the initialisation of a new application Appi with the initialisation information I-I(Appi), an authorisation corresponding to the organisation level, with the authorisation information A-I, is necessary. With the authorisation means AM, this authorisation information A-I corresponding to the authorisation system A is transmitted to the authorisation authority HA.

The authorisation authorities HA in accordance with Fig. 4 can, e.g., consist of a host computer H with the corresponding authorisation rules of the system A, or also of a remote authorisation read and write station R-A-WR. The authorisation means AM, for example, can comprise an authorisation identification medium AM-IM, which contains the authorisation information A-I, or authorisation data AM-I, which, e.g., as software (a program), can be polled or executed in a host H. In the case of a physical authorisation medium AM-IM, the handling corresponding to the security requirements is carried out by the holder (owner) of the authorisation medium. In the case of software programs AM-I in a host H, the security is assured by an identification of the user, e.g., by means of a PIN code or biometric data or through an assigned special identification medium (ID-AM).

In Fig. 4, the initialisation of a data carrier IM is illustrated. Here the authorisation information A-I(j) relates to the authorisation for the initialisation j of a data carrier IM. The initialisation information I-I(Appi) for a new application Appi is input into, generated in or called in by the authorisation authority HA and, as described, initialised in the data carrier through the network and the decentralised read and write station A-WR: IMj (with Appi).

Fig. 5 illustrates the initialisation k of a read and write station WR. The authorisation information is input into, created by or called in by the authorisation authority HA by means of the authorisation means AM. The initialisation information I-I(k) is also entered into the authorisation authority. For the initialisation of the read and write station WR through a network, i.e., for its transformation into a WRk, first the authorisation information A-I(k) is transmitted from the authorisation authority HA to the read and write station WR, whereupon the initialisation information I-I(k) is transmitted. In analogy to the initialisation of new applications on a data carrier, an initialisation of the read and write station WR can also be carried out with corresponding initialisation data I-I(k), with which, for example, additional functions can be introduced into the read and write station.

Fig. 6 illustrates the transformation, resp. initialisation, of a decentralised read and write station WR into an authorised read and write station A-WR, in order to be able to carry out initialisations of mobile data carriers IM with it thereafter. To achieve this, the read and write station WR must first be initialised with the authorisation function FA. First the authorisation information A-I-FA has to be input into the authorisation authority HA by an authorisation means AM, whereupon the initialisation, resp. the transformation, of the decentralised read and write station WR into an authorised read and write station A-WR with authorisation function FA is carried out. Subsequently the initialisation of applications can be implemented as before (Fig. 4) by the authorisation information A-I(j) for a certain application Appi and the corresponding initialisation information I-I(Appi) through the network and the decentralised, authorised read and write station A-WR into the mobile data carrier IM: IMj with I-I(Appi).

This authorisation function FA does not have to be permanently activated; it can also be cancelled again, resp. interrupted together with the network link, after a certain time period or after a certain number of initialisations, as a result of which the authorised read and write station A-WR is transformed back into an ordinary, decentralised read and write station WR.
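The lifecycle of the authorisation function FA described above, as an added Python example that is not part of the patent: a station object holds the FA grant and withdraws it on any of the three triggers the text names (interruption of the network link, an elapsed time period, an exhausted number of initialisations), falling back from A-WR to an ordinary WR. The concrete limits, the injected clock and the method names are assumptions of this example; the text names the triggers but no values.

```python
"""Added example, not part of the patent: FA grant lifecycle of Fig. 6.
Assumptions: a time limit and an initialisation count are both optional,
the clock is injected so the expiry can be shown deterministically, and
the loss of the network link is reported to the station by a call."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class FAGrant:
    valid_until: Optional[float]    # absolute time; None = no time limit
    remaining: Optional[int]        # initialisations left; None = unlimited


class Station:
    """A decentralised WR that is an A-WR only while it holds a live FA grant."""

    def __init__(self, name, clock):
        self.name = name
        self._clock = clock         # callable returning the current time
        self._fa: Optional[FAGrant] = None
        self.link_up = False
        self.log = []

    def activate_fa(self, ttl=None, max_inits=None):
        """Apply A-I-FA received from the authorisation authority: WR -> A-WR."""
        self.link_up = True
        until = self._clock() + ttl if ttl is not None else None
        self._fa = FAGrant(valid_until=until, remaining=max_inits)

    def _revoke(self, why):
        self._fa = None
        self.log.append(f"{self.name}: FA cancelled ({why}), now an ordinary WR")

    def _check_fa(self):
        """Return True while FA is live; cancel it on the first expired trigger."""
        fa = self._fa
        if fa is None:
            return False
        if not self.link_up:
            self._revoke("network link interrupted")
            return False
        if fa.valid_until is not None and self._clock() > fa.valid_until:
            self._revoke("time period elapsed")
            return False
        if fa.remaining is not None and fa.remaining <= 0:
            self._revoke("initialisation count exhausted")
            return False
        return True

    @property
    def is_authorised(self):
        return self._check_fa()

    def initialise_carrier(self, carrier, app, payload):
        """Write I-I(Appi) into a carrier; counts against the FA grant."""
        if not self._check_fa():
            return False
        carrier[app] = payload
        if self._fa.remaining is not None:
            self._fa.remaining -= 1
        return True

    def link_lost(self):
        self.link_up = False


def demo():
    """Exercise the three cancellation triggers on one station."""
    now = [1000.0]
    wr = Station("WR-mountain-restaurant", clock=lambda: now[0])

    # Count-limited FA: two initialisations allowed, the third is refused.
    wr.activate_fa(max_inits=2)
    count_results = [wr.initialise_carrier({}, "App2.2", "loyalty") for _ in range(3)]

    # Time-limited FA: valid for 60 s, then the grant lapses.
    wr.activate_fa(ttl=60)
    before_expiry = wr.initialise_carrier({}, "App2.2", "loyalty")
    now[0] += 61
    after_expiry = wr.initialise_carrier({}, "App2.2", "loyalty")

    # Loss of the network link cancels FA at the next use.
    wr.activate_fa()
    wr.link_lost()
    after_link_loss = wr.initialise_carrier({}, "App2.2", "loyalty")
    return count_results, before_expiry, after_expiry, after_link_loss, list(wr.log)
```

Because the check runs before every write, a grant that has lapsed between two initialisations can never be used once more by accident.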

In Figures 4-6 further possible functions are illustrated, which are capable of being 
initialised, resp., carried out through the network N. 

Status information S-I concerning events at the authorised, resp. at the decentralised read and write stations A-WR, WR and/or at the mobile data carriers IM can be notified to the corresponding authorisation authorities through the network and there, for example, be utilised for invoicing or for the settlement of fees for usage and licences. Examples of this will be explained later.

As a further option for authorising a legitimate user for an initialisation, his or her identification ID-I can be verified with an identification authorisation means ID-AM (Figs. 4, 5, 14).

Absolutely essential is the secure communication of the initialisation data DI through 
the network, so that the security of the complete system with the mobile data carriers 
is not impaired by the data transmission through the network. 

In the case of a communication through private networks Np, e.g., through proprietary company networks, this required security is provided by the private network itself.

In the case of a transmission of the initialisation data through public networks No, a secure communication has to be assured for this purpose with means known as such (encryption and further security factors). This is also applicable to a communication through a combination of public and private networks. In principle, therefore, any networks can be utilised for the transmission of the initialisation data (such as LAN, WAN, Internet, Intranet and Extranet, etc.). The initialisation in accordance with the invention can also take place through a virtual private network (VPN), i.e., a private data network which makes use of public telecommunications networks, e.g., as a company network, wherein encryption and tunnelling mechanisms ensure that only authorised users obtain access, e.g., through the Internet (IP, Internet protocol).



Essential is the fact that the degree of security of this communication is assured in correspondence with the importance of the initialisation, resp. of the initialisation data.

This applies both with respect to the communication through the network, in principle the external security with respect to the network, and with respect to the internal security within the authorisation system, which differentiates between different hierarchic levels OLi in correspondence with the hierarchic definition and the importance of the applications. Overall, a security corresponding to the importance of the applications, resp. of the initialisations, has to be assured both as external and as internal security, wherein of course the external security with respect to the network must not be lower than the required internal security.

Differing levels of importance, resp. authorisation, may for example be: the loading of an additional application, such as a loyalty bonus, onto a customer card of a supermarket only calls for a relatively low security level, because the potential damage resulting from unauthorised actions is slight. On the other hand, e.g., the access authorisation for utilisation levels of the highest secrecy in an EDP data system, the initialisation of completely new data carriers and above all the booking of monetary amounts call for a high security level.
Fig. 7 now illustrates an example with several authorisation authorities HA1, HA2, HA3, each with the corresponding authorisation means AM1, AM2, AM3, within the framework of the authorisation system A, which transmit their own, independent applications App1, App2, App3 with their initialisation data DI1, DI2, DI3 through networks N1, N2, N3 to correspondingly assigned authorised read and write stations A-WR, at which the mobile data carriers IM are respectively initialised. The networks may differ, e.g., N1 an open public network and N2 a private network, or two or more authorisation authorities may utilise the same network, each with their own security rules, however. Naturally the read and write stations have to correspond to the authorisation authority, i.e., in this example the read and write station A-WR2 is only accessible to the authorisation authority HA3, i.e., assigned to it with corresponding applications App3, while the read and write station A-WR1 in this example is assigned to and accessible for all three authorisation authorities HA1, HA2, HA3 with their respective applications App1, App2, App3. The analogue is applicable to the assignment of the mobile data carriers IM, which are also assigned to one or more authorisation authorities with the corresponding possibility of initialisation of their applications.



Figures 8-11 illustrate further examples of initialisations through several networks, 
resp., through several network levels (also within the same network) with several 
authorisation authorities HA and authorisation means AM as well as with several, 
resp., different authorisation levels OLi. 



Fig. 8 illustrates an example with several authorisation authorities HA1, HA2 with authorisation means AM1, AM2 and with different applications App1, App2. The corresponding initialisation data DI1, DI2 are transmitted to the decentralised authorised read and write stations A-WR through the same network in one level for the initialisation of the two applications App1, App2 in the data carriers IMj. This may take place independently of the authorisation level OLi (also for different OLi of the authorisation authorities HAi, of the authorisation means AMi and of the applications Appi).

Fig. 9, in analogy to Fig. 8, illustrates several authorisation authorities HA and authorisation means AM for applications Appi, wherein, however, the initialisation to the authorised read and write stations A-WR takes place through several network levels N1, N2. The network levels N1 and N2 can be formed in the same or in different networks. The application App1 with I-I1 of the authorisation authority HA1 here passes through the network level N1 into the authorisation authority HA2 and unchanged further through the network level N2 into the authorised read and write station. The application App2 of the authorisation authority HA2 is only conducted through the network level N2. This, too, is independent of the authorisation level OLi.

Fig. 10 depicts a further example similar to Fig. 9 with several authorisation authorities, applications and network levels, wherein here two applications are illustrated on different authorisation levels, e.g., the application App1 on OLn and the application App2 on OLn+1. This example with the application App1 of the authorisation authority HA1 illustrates that it can also be supplemented to I-I1+ in the authorisation authority HA2, so that the corresponding application in the data carrier IMj corresponds to this application App1+.

In analogy to this modification or supplementing of an application in the 
authorisation authority, it is also possible to modify or to supplement initialisation 
information to I-I+ in accordance with Fig. 4 in a read and write station A-WR. 
Fig. 11 schematically illustrates the organisation within an authorisation system A with several authorisation, resp. organisation levels, e.g., OLi = OL0 to OL5, with several authorisation authorities HA on different authorisation levels and with several independent users HA1, HA2, HA3 with the independent applications App1, App2, App3. The highest organisation level OL0 corresponds to the level on which a basic initialisation of all read and write stations and of all data carriers IM (e.g., through the system data field CDF) takes place, in the sense of an affiliation with the authorisation system A, through different authorisation authorities HAi0 or authorisation authorities HAi0.1 assigned to these. The authorisation rules of the system assure the independence and mutual non-influenceability of the independent applications App1, App2, App3 of the corresponding independent users on organisation level OL1. From the next authorisation level OL2 to OL5 onwards, an independent user is capable of organising and defining his or her applications within the framework of the authorisation system A with a secondary sub-authorisation system AS. On these levels from OL2 onwards, authorisation authorities HA can also be formed with the corresponding authorisation means AM, and between the various, geographically distributed authorisation authorities HA corresponding network connections and initialisations can be implemented through network levels, in accordance with the rules explained.

With the authorisation system A it is thereby ensured that the applications of the various authorisation authorities are independent of one another and not mutually influenceable. An example with several independent applications in a data carrier is further illustrated in Fig. 13. In it, above all, contact-less and passive identification media, resp. data carriers, can be utilised, which are also capable of communicating with a read and write station from a distance, e.g., at entrance gates.
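The assignment rules of Fig. 7 together with the level structure of Fig. 11, as an added Python example that is not part of the patent: a single check decides whether an authorisation authority may initialise an application on a carrier through a given station. The four conditions (the authority owns the application, the authority's level is not below the level on which the application is organised, the station is assigned to the authority, the carrier is assigned to the authority) and the sample organisation are this example's reading of the text, not a literal rule set from the patent.

```python
"""Added example, not part of the patent: authorisation rules of Figs. 7/11.
Assumptions: organisation levels are numbered OL0 (highest) to OL5, so a
smaller number is a higher level; every application has exactly one owning
HA; stations and carriers carry the set of HAs they are assigned to.  The
organisation in demo() is constructed to mirror the text's examples."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Authority:
    name: str
    level: int                 # OLi on which this HA is formed


@dataclass(frozen=True)
class Application:
    name: str
    owner: str                 # HA that defines the application
    level: int                 # OLi on which the application is organised


@dataclass
class Station:
    name: str
    assigned_to: frozenset     # HAs that may initialise through this A-WR


@dataclass
class Carrier:
    name: str
    assigned_to: frozenset     # HAs whose applications this IM may hold
    apps: dict = field(default_factory=dict)


def may_initialise(ha, app, station, carrier):
    """Return (allowed, reason) for HA initialising app on carrier via station."""
    if app.owner != ha.name:
        return False, f"{ha.name} does not own {app.name}; applications are mutually independent"
    if ha.level > app.level:
        return False, f"{ha.name} on OL{ha.level} is below OL{app.level} of {app.name}"
    if ha.name not in station.assigned_to:
        return False, f"{station.name} is not assigned to {ha.name}"
    if ha.name not in carrier.assigned_to:
        return False, f"{carrier.name} is not assigned to {ha.name}"
    return True, "admitted"


def initialise(ha, app, payload, station, carrier):
    """Write I-I(Appi) into the carrier only if the rules admit it."""
    allowed, reason = may_initialise(ha, app, station, carrier)
    if allowed:
        carrier.apps[app.name] = payload
    return allowed, reason


def demo():
    """Constructed organisation: three independent users on OL1, one sub-authority."""
    ha1, ha2, ha3 = Authority("HA1", 1), Authority("HA2", 1), Authority("HA3", 1)
    ha2_sub = Authority("HA2.1", 3)                          # formed in HA2's sub-system AS
    app1 = Application("App1", owner="HA1", level=1)         # ski-lifts
    app2_2 = Application("App2.2", owner="HA2", level=2)     # restaurant loyalty extension
    app3 = Application("App3", owner="HA3", level=1)         # sports facilities
    app2_sub = Application("App2.9", owner="HA2.1", level=2) # organised above HA2.1's level

    a_wr1 = Station("A-WR1", frozenset({"HA1", "HA2", "HA3"}))
    a_wr2 = Station("A-WR2", frozenset({"HA3"}))
    im = Carrier("IM", frozenset({"HA1", "HA2", "HA3"}), apps={"App1": "season pass"})
    im_other = Carrier("IM-other", frozenset({"HA1"}))

    results = {
        "restaurant_extension_at_awr1": initialise(ha2, app2_2, "loyalty points", a_wr1, im)[0],
        "sports_access_at_awr2": initialise(ha3, app3, "gym access", a_wr2, im)[0],
        "ha1_at_awr2": initialise(ha1, app1, "renewal", a_wr2, im)[0],
        "ha2_touches_app1": initialise(ha2, app1, "free lifts", a_wr1, im)[0],
        "sub_authority_above_its_level": initialise(ha2_sub, app2_sub, "x", a_wr1, im)[0],
        "carrier_not_assigned": initialise(ha3, app3, "gym access", a_wr1, im_other)[0],
    }
    return results, im
```

The ownership test is what makes App1, App2 and App3 mutually non-influenceable: HA2 can extend its own application on a shared carrier but cannot alter the ski-lift application of HA1, whatever level it sits on.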
In accordance with the invention, different kinds of initialisations with correspondingly differing security requirements can be implemented in the authorisation system A. Fig. 12 in this context illustrates an example of a high hierarchic level and security requirement, in which an empty mobile data carrier prepared in correspondence with the system is newly initialised with applications. This data carrier IM is prepared with system data of the authorisation system A in a system data field CDF, which defines and assures the affiliation with system A, but does not yet contain any application in an application data field prepared for this purpose. The new initialisation DI with the new initialisation information I-I of applications App in this application data field represents a first, upper initialisation level.



Fig. 13 illustrates the initialisation of additional new applications, here, e.g., of the application App3, with initialisation data DI3 of an authorisation authority HA3.

As a further example, Fig. 13 illustrates the initialisation of an application extension App2.2 of an authorisation authority HA2 in addition to the existing application App2 by means of corresponding initialisation data DI2.2. This is illustrated, on the basis of the mountain restaurant example, for the data carrier of Fig. 13 with a data organisation in a data carrier IM with several independent applications App1, App2, App3 and with a fixed data part CDF corresponding to the authorisation system A. The application App1 shall be, e.g., ski-lifts and the application App2 the mountain restaurant, which would like to introduce a further extension App2.2 of its application and which, with a corresponding initialisation DI2.2, is able to write this onto an already existing ski pass, resp. data carrier IM, of a guest directly on the spot in the mountain restaurant via its read and write station A-WR through the network, without the guest having to go down into the valley to an authorised read and write station (of the issuer of the ski pass as application App1) with authorisation medium, as was the case up until now.

As a further example, the same guest in the evening down in the valley could have a further, independent application App3, e.g., access to sports facilities, newly initialised on his ski pass with initialisation data DI3 of the authorisation authority HA3, if this is not already set up on his data carrier.

Fig. 12, as a further variant of an embodiment, illustrates a mobile data carrier which comprises an application micro-processor AppuP containing application program data I-I-Cod. With data carriers of this kind with integrated intelligence, combined applications can be implemented which are contained partly in the read and write station WR and partly in the data carrier IM, and which make possible the handling of user authorisations ai (Fig. 14).

The initialisation according to the invention through a suitable secure network makes new applications and business models possible, e.g., initialisation-linked business models through the utilisation of status information S-I, e.g.:

1. Licence fee debiting for newly initialised data carriers and newly initialised applications: with every initialisation of a new data carrier or of a new application in a data carrier IM, a correspondingly agreed licence fee is debited through the network at the authorisation authority HA.
2. Licence fee debiting for every usage: if an application is used by a data carrier at a read and write station, then a licence fee can be levied for this usage by the authorisation authority HA (e.g., a host H).

This may either be settled continuously, if the read and write station WR remains permanently connected on-line with the authorisation authority HA through the network, or else the connection through the network may take place periodically. In that case the usage data S-I can be stored in memory in the read and write station WR and periodically exchanged and settled with the authorisation authority HA.

The initialisation through the network in accordance with the invention and the communication associated with it can therefore, depending on the application, take place both with a permanent network connection and only periodically. In this way, for example, applications with a validity limited in time can be renewed again and again by means of corresponding periodic initialisations (e.g., monthly).

Fig. 14 illustrates different variants of possible initialisations through a network, wherein the initialisations also comprise an initialisation communication, resp. a utilisation communication and/or an identification communication between authorisation authority HA, authorised read and write station A-WR and identification medium, resp. data carrier IM. An initialisation may originate with the authorisation authority HA, or it may be requested by the read and write station A-WR or by the owner of the data carrier IM. For this, depending on the type of the new initialisation, resp. the application, a user authorisation is also necessary, i.e., the agreement of the owner 12 of the read and write station, resp. of the owner 13 of the data carrier, which as authorisation means may be, for example, personal data (aw) of the owner 12 of the read and write station, resp. personal data (ai) of the owner 13 of the data carrier, such as PIN codes, biometric data, etc. The analogue is also applicable to the execution of applications at the read and write station by the data carrier. Depending on the type of authorisation and of its utilisation, therefore,

a user authorisation aw for the initialisation by the read and write station, resp. by its owner 12,

or a user authorisation ai for the initialisation by the owner 13 of the data carrier may take place,

or also an authorisation for the initialisation by an additional identification authorisation means ID-AM may take place.

One example of an embodiment is the loading of cash cards at a read and write 
station serving as card reading device. Here it is also possible for the owner of a cash 
card as data carrier to load money with his own authorisation, i.e., user authorisation 
ai (e.g., credit card number and PIN code), through a PC and the Internet. 

With the method in accordance with the invention it is also possible to carry out 
multi-stage initialisations through networks, e.g., in several steps hierarchically 
graduated in correspondence with the authorisation A. This is illustrated by an 
example of decentralised manufacturing and distribution of chip-cards as data 
carriers with reference to Fig. 11. The owner of the authorisation system A in this 
instance is a manufacturer HA0 with main domicile and centre in Europe, where 
blank cards, resp., data carriers IM are produced, which, for example, contain the 
basic system organisation with the data field CDF. These blank cards are sent to 
daughter companies HA0.1 as company representatives, e.g., in the USA, where a 
further basic initialisation of the cards can also be carried out through the network by 
the manufacturer's centre HA0 as the highest authority. The daughter company 
HA0.1 distributes these cards to independent users with independent applications, 
which represent the authorities HA1, HA2, HA3 and whose cards are differentiated 
by a user code, which can be initialised through the network at the daughter 
company HA0.1 by the centre HA0 if the daughter HA0.1 is not authorised to do so. 
HA0 and HA0.1 are on level OL0. This results in the following initialisation levels 

HA0 -> HA0.1 -> HA1 

On a next level of the hierarchy, these cards IM are thereupon initialised by the 
authorisation authorities HA1, HA2, HA3 (i.e., the independent users) with their 
required applications App1, App2, App3 through further organisation levels, once 
again at decentralised read and write stations A-WR. By means of initialisation and 
authorisation rules and hierarchic graduations of the system A it is assured that the 
owner HA0 of the authorisation system A is able to maintain control over the 
system compatibility of the cards, and that an independent user HA1, HA2, etc., 
keeps control over cards with his applications within the framework of his 
authority from the organisation level assigned to him (e.g., OL1) onwards. This 
results in further initialisation levels, e.g., 

HA1 -> HA1.1 -> HA1.11 -> A-WR/IM 

on organisation levels OL1 up to OLn. 

The independent users HA1, HA2, HA3, etc., with the independent applications are 
also on the organisation level OL1. 
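The separation of control described above (the system owner HA0 keeps the system organisation of the cards, each independent user HA1, HA2, ... keeps its own applications from its assigned organisation level downwards, and every initialisation needs a user authorisation aw, ai or ID-AM) can be written down as a small rule set. The following Python model is an added example and not the patent's own protocol; the authority names follow the text's example (HA0, HA0.1, HA1, HA1.1, HA2), while the three rules, the PIN handling and the card data layout are assumptions made for this illustration.

```python
# Added illustration (not the patent's own code): a model of hierarchically
# graduated initialisation rights. The authority names follow the example in the
# text (HA0, HA0.1, HA1, HA1.1, HA2); the three rules, the PIN handling and the
# data layout are assumptions made for this example.
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Authority:
    """An authorisation authority HA on organisation level OLi."""
    name: str
    level: int
    parent: Optional["Authority"] = None

    def chain(self) -> list:
        """Authority names from the system owner down to this authority."""
        node, names = self, []
        while node is not None:
            names.append(node.name)
            node = node.parent
        return names[::-1]


@dataclass
class Card:
    """A data carrier IM: common data field CDF, user code and per-application ADFs."""
    cdf: dict = field(default_factory=dict)
    user_code: Optional[str] = None          # the independent user (HA1, HA2, ...) owning the card
    adf: dict = field(default_factory=dict)  # application name -> application data field
    ai_hash: Optional[str] = None            # reference for the owner's user authorisation ai


class InitialisationRefused(Exception):
    pass


SALT = b"constructed-salt"   # assumption for the example only


def hash_pin(pin: str) -> str:
    return hashlib.sha256(SALT + pin.encode()).hexdigest()


def check_user_auth(card: Card, user_auth: dict) -> None:
    """Rule 3: aw (owner 12 of the WR), ai (owner 13 of the IM) or an ID-AM must be presented."""
    kind = user_auth.get("kind")
    if kind in ("aw", "ID-AM"):
        return
    if kind == "ai":
        if card.ai_hash is not None and hmac.compare_digest(hash_pin(user_auth.get("pin", "")), card.ai_hash):
            return
        raise InitialisationRefused("user authorisation ai rejected")
    raise InitialisationRefused("no user authorisation presented")


def initialise(card: Card, by: Authority, target: str, key: Optional[str], value, user_auth: dict) -> None:
    """Apply one initialisation step if the hierarchic rules allow it."""
    check_user_auth(card, user_auth)
    if target in ("CDF", "USER_CODE"):
        # Rule 1: the system organisation (CDF, user code) stays with the system owner on OL0
        if by.level != 0:
            raise InitialisationRefused(f"{by.name} on OL{by.level} may not write the {target}")
        if target == "CDF":
            card.cdf[key] = value
        else:
            card.user_code = value
        return
    # Rule 2: an application ADF may only be written by the independent user the card is
    # assigned to or by an authority below it in the same branch; HA0 does not reach in
    if card.user_code is None or card.user_code not in by.chain():
        raise InitialisationRefused(f"{by.name} is outside the authority of {card.user_code}")
    card.adf.setdefault(target, {})[key] = value


def attempt(card, by, target, key, value, user_auth) -> bool:
    """True if the step was applied, False if the rules refused it."""
    try:
        initialise(card, by, target, key, value, user_auth)
        return True
    except InitialisationRefused:
        return False


def run_example():
    """Walk a blank card through HA0 -> HA0.1 -> HA1.1 and try the steps that must fail."""
    ha0 = Authority("HA0", 0)
    ha0_1 = Authority("HA0.1", 0, ha0)
    ha1 = Authority("HA1", 1, ha0)
    ha1_1 = Authority("HA1.1", 2, ha1)
    ha2 = Authority("HA2", 1, ha0)
    card = Card(ai_hash=hash_pin("1234"))
    aw = {"kind": "aw"}
    results = {
        "HA0 writes CDF": attempt(card, ha0, "CDF", "system_org", "v1", aw),
        "HA0.1 sets user code": attempt(card, ha0_1, "USER_CODE", None, "HA1", aw),
        "HA1.1 loads App1 with ai": attempt(card, ha1_1, "App1", "balance", 100, {"kind": "ai", "pin": "1234"}),
        "HA1.1 with wrong PIN": attempt(card, ha1_1, "App1", "balance", 999, {"kind": "ai", "pin": "0000"}),
        "HA2 writes App1": attempt(card, ha2, "App1", "balance", 0, aw),
        "HA0 writes App1": attempt(card, ha0, "App1", "balance", 0, aw),
        "HA1 writes CDF": attempt(card, ha1, "CDF", "system_org", "v2", aw),
    }
    return results, card
```

The point of the chain check is that authority is inherited downwards only: HA1.1 may act on HA1's cards because HA1 lies on its chain, whereas HA2 (a sibling) and HA0 (the system owner, which controls compatibility but not a user's applications) are refused for the same card.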
With the examples and explanations given, the universal applicability of the new 
method according to the invention is to be illustrated, above all also for contact-less 
systems and identification media. 

Within the scope of this description, the following designations are utilised: 

N        Network 
No       Public network 
Np       Private network 
G1, G2   Security gates for a secure communication through the network 
g        Secure environment 
u        Unsecured environment 
IM       Mobile data carrier, identification medium 
IMj      Initialised IM 
WR       Decentralised read and write station 
WRk      Initialised WR 
j        relates to IM 
k        relates to WR 
A-WR     Decentrally authorised read and write station 
A        Authorisation system 
AS       Secondary sub-authorisation system 
AM       Authorisation means 
AM-IM    Authorisation identification media 
AM-I     Authorisation data 
HA       Authorisation authority, remote 
H        Host computer 
R-A-WR   Remote authorisation read and write station 
DI       Initialisation data 
A-I      Authorisation information 
A-I-FA   Authorisation data for the function A-WR 
I-I      Initialisation information 
I-I-Cod  Applications program data 
ID-AM    Identification authorisation means 
ID-I     Identification information 
S-I      Status information 
OLi      Authorisation level, organisation level 
App      Applications 
AppµP    Applications micro-processor 
CDF      Common data field, basic organisation of A 
ADF      Application data field 
12       Owner of WR 
13       Owner of IM 
aw       User authorisation of WR 
ai       User authorisation of IM 
H0       System owner 
H0.1     Daughter company of H0 